CVE-2018-9275
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-9275
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9275.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-9275
- Downstream
- Related
- Published
- 2018-04-04T18:29:02Z
- Modified
- 2025-10-21T04:40:48.004812Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In checkusertoken in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
- References
Affected packages
Git / github.com/yubico/yubico-pam
Affected ranges
- Type
- GIT
- Repo
- https://github.com/yubico/yubico-pam
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.20
2.21
2.22
2.23
2.24
2.25
2.5
2.6
2.6pre2
2.6pre3
2.7
2.8
2.9
v2.*
v2.6
Database specific
vanir_signatures
[
{
"source": "https://github.com/yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "util.c"
},
"id": "CVE-2018-9275-73e96989",
"digest": {
"threshold": 0.9,
"line_hashes": [
"226607563752128757887514930765907415801",
"279701570390930019583909742435872770862",
"308494850977619412175153327874514612777",
"203417458892300943278019038761638732730"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "check_user_token",
"file": "util.c"
},
"id": "CVE-2018-9275-fa157aba",
"digest": {
"length": 1698.0,
"function_hash": "119299559369141334615512022658670539382"
},
"signature_type": "Function"
}
]